Secured by Galah Cyber with Cole Cornford

W2D1 Media
  • 0.0 (0)
  • TECHNOLOGY
  • UPDATED BIWEEKLY
Secured by Galah Cyber with Cole Cornford

Secured is the podcast for software security enthusiasts. Host Cole Cornford sits down with Australia's top software security experts to uncover their unconventional career paths and the challenges they faced along the way. Listen in as they share their insights on the diverse approaches to AppSec, company by company, and how each organisation's security needs are distinct and require personalised solutions. Gain insider access to the masterminds behind some of Australia's most successful Software security teams on Secured by Galah Cyber. This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

  1. From Cryptography to AppSec: Scott Contini on Building Practical Security

    APR 30

    From Cryptography to AppSec: Scott Contini on Building Practical Security

    Episode SummaryScott Contini has a PhD in cryptography with more than a dozen research publications, and has spent the last 15 years focused on solving real-world security problems. After switching from academia to industry in 2008, Scott has identified hundreds of cryptographic implementation flaws across the world, written widely read blogs on common coding mistakes, and contributed significantly to the 2021 OWASP Top 10 topic of Cryptographic Failures. He joins Cole Cornford to discuss how cryptography often goes wrong in practice, why secure-by-default APIs are reshaping security today, and the importance of clear communication and community-building in advancing the field. Scott also shares stories from working alongside legendary figures in cryptography, and offers advice for anyone looking to build a sustainable and impactful security career. Timestamps00:20 - Scott’s background in cryptography and transition to AppSec 02:00 - Moving from theory to real-world security challenges 05:00 - Common cryptography mistakes in the industry 07:50 - Why using the wrong encryption modes leads to vulnerabilities 10:10 - How Java’s cryptography design led to widespread issues 14:40 - The rise of secure-by-default APIs in cryptography 17:00 - Stories from working with cryptographic legends 22:00 - Improving advice in the OWASP community 27:50 - The value of writing and public speaking in AppSec careers 33:00 - Advice for newcomers in security: think like an attacker and keep learning Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    42 min
  2. Engineering Security: Bridging DevOps and AppSec with Jon-Anthoney de Boer

    APR 16

    Engineering Security: Bridging DevOps and AppSec with Jon-Anthoney de Boer

    Episode SummaryJon-Anthoney de Boer is the Product Security Lead at Transmax, overseeing security for critical infrastructure that manages traffic flow across Australia. Coming from a strong software engineering background, Jon-Anthoney shares his experience transitioning from traditional engineering into product and application security. He highlights the importance of aligning software engineering and security teams, building trust into the software development lifecycle, and fostering a security culture based on practical strategy rather than superficial metrics. Jon-Anthoney also discusses how behavioural change, organisational alignment, and operational excellence are key to achieving effective, sustainable security outcomes. Timestamps00:32 - Jon-Anthoney’s journey from electrical engineering to product security 05:08 - Transitioning from software craftsmanship to cybersecurity 09:30 - Why aligned incentives between engineering and security teams matter 12:22 - Goodhart's Law: pitfalls of security metrics 18:21 - Rethinking cybersecurity strategies beyond tools and compliance 25:12 - Building observability into the secure software development lifecycle 32:35 - Why executive support is crucial for security initiatives 38:34 - Operational excellence: removing waste from security processes Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    43 min
  3. Scaling Cyber at Fujitsu: Laura O'Neill on Strategy, Risk and Growth

    APR 2

    Scaling Cyber at Fujitsu: Laura O'Neill on Strategy, Risk and Growth

    Episode SummaryIn this episode of Secured, host Cole Cornford chats with Laura O'Neill from Fujitsu Cyber. Laura shares her journey from a pure maths and cryptography background through management consulting into the world of cybersecurity. She explains how she helped grow MF&A from a small team into a 70-person company before its acquisition by Fujitsu. Cole and Laura discuss the challenges of scaling a cyber practice, the importance of professionalising sales and board-level communications, and how embracing diverse, non-traditional talent can transform the industry. Their conversation offers valuable insights into shifting from a compliance-based mindset to a risk-based strategy that truly supports business objectives. Timestamps00:10 - Introduction to Laura O'Neill and her role at Fujitsu Cyber 02:27 - Laura recounts her journey from pure maths and cryptography to cybersecurity 05:31 - Discussing the rapid growth of MF&A from a small team to 70 staff 07:30 - Overcoming scaling challenges through improved processes and support 11:23 - Professionalising sales and board-level communications in cyber 15:30 - Moving from a compliance-driven approach to a risk-based strategy 26:16 - Embracing diversity and non-traditional hiring in cybersecurity 31:20 - The value of diverse backgrounds and soft skills in solving security challenges 40:43 - The importance of empathy and listening in leadership 42:16 - Closing thoughts on security as an enabling function for business success Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    44 min
  4. Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations

    MAR 19

    Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations

    Episode SummaryCole Cornford speaks with Kat McCrabb, founder of Flame Tree Cyber, about navigating cybersecurity compliance and risk, particularly within education, government, and mission-driven organisations. Kat shares insights from her experience in federal government and as CISO at Brisbane Catholic Education, highlighting the strengths and weaknesses of compliance frameworks like Australia's Essential Eight and MITRE ATT&CK. The conversation covers how to effectively communicate cyber risks to stakeholders, align security with organisational priorities, and why prevention beats incident response every time. Kat also discusses strategies for meaningful conversations around funding and shares her perspective on the evolving landscape of security in the age of SaaS and cloud technologies. Timestamps00:59 - Kat’s background and founding Flame Tree Cyber 03:10 - Defining mission-driven organisations 04:29 - Challenges of prescriptive compliance frameworks (ISM, Essential Eight, DISP) 05:41 - Compliance vs meaningful security improvement 06:51 - How threat modelling with MITRE ATT&CK helps allocate resources 07:35 - Balancing foundational cybersecurity and advanced threat intelligence 08:52 - Incident response and the value of understanding threat actors 11:46 - Allocating budget and demonstrating security value to executives 16:31 - How to effectively request security funding from the board 20:00 - Relevance of Essential Eight in modern SaaS environments 29:21 - Kat’s role with AISA and building the cybersecurity community in Queensland Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    33 min
  5. Breaking into Cyber: Kiera Farrell on Growth, Networking & Early-Career Lessons

    MAR 5

    Breaking into Cyber: Kiera Farrell on Growth, Networking & Early-Career Lessons

    Episode SummaryKiera Farrell, Cyber Analyst at David Jones, shares her journey from studying a Bachelor of Cybersecurity to landing a role in cybersecurity operations. She reflects on the challenges of breaking into the industry, the lessons learned from risk management, and the importance of networking in career growth. Kiera and Cole discuss the value of stepping outside your comfort zone, the evolving landscape of cybersecurity degrees, and what hiring managers can do to attract and retain young talent. If you're an aspiring cybersecurity professional or a leader looking to support early-career hires, this episode is packed with insights. Timestamps2:00 – Kiera’s journey: From Bachelor of Cybersecurity to David Jones 5:00 – What studying cybersecurity is really like 8:10 – The surprising importance of risk management 12:00 – Ethical hacking & the role of security education 16:30 – The grad job hunt: what works, what doesn’t 19:45 – The power of stepping out of your comfort zone 21:30 – Building a strong professional network 23:50 – What makes an employer attractive for graduates? 26:40 – How mentorship accelerates career growth 30:35 – Advice for students and early-career professionals Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    35 min
  6. The Story So Far: Inside Secured’s Growth and What’s Coming Next

    FEB 12

    The Story So Far: Inside Secured’s Growth and What’s Coming Next

    Episode SummaryIn this special solo episode, host Cole Cornford reflects on the journey of the Secured podcast over the past two years. He shares behind-the-scenes insights, from the unexpected challenges of cicada season disrupting recordings to the podcast’s growth, hitting 45 episodes and over 7,000 downloads. Cole discusses listener feedback, format changes, and his plans to expand the show, including moving to weekly episodes, introducing video content, and diversifying guest profiles. He also highlights listener engagement stats, the importance of audience reviews, and the future direction of Secured with a focus on delivering more valuable and dynamic cybersecurity content. Timestamps00:20 – The impact of cicada season on recording and production 01:10 – Hitting 45 episodes: reflections on the podcast’s growth 01:54 – Asking for listener feedback and reviews to support the show 02:51 – Plans to move to weekly episodes and potential sponsorships 03:51 – The possibility of introducing video content and its challenges 04:35 – Listener engagement stats: unique listeners, downloads, and demographics 08:05 – Most downloaded and highest engagement episodes revealed 10:55 – Diversity in guests and topics: striving for representation 13:48 – Changes in podcast format: cutting certain segments for better engagement 17:03 – The shift towards professional development-focused content 19:50 – Future goals: more international guests and sharper conversations Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    24 min
  7. Gaming Her Way to the Top: Madhuri Nandi on Security & Diversity

    JAN 22

    Gaming Her Way to the Top: Madhuri Nandi on Security & Diversity

    Episode SummaryMadhuri Nandi is the Head of Security at Till Payments and a trailblazer in the Australian cybersecurity industry. As co-chair of the Australian Women’s Security Network, she brings decades of experience to the table, breaking barriers for women in tech and redefining what leadership looks like in cybersecurity. Madhuri shares how a love for gaming and cheat codes sparked her journey into application security and the cultural challenges she overcame to thrive in a male-dominated industry. They explore the realities of leading security functions in scaling FinTechs, why compliance doesn’t equate to security, and the critical role of aligning cybersecurity strategies with business objectives. Timestamps01:13 Cheat Codes Ignite a Cybersecurity Path 02:26 From Database Admin to Security Professional 05:09 Lessons from Gaming & Early Misperceptions 07:29 The Jump into Executive Leadership 10:53 Compliance vs. True Risk Management 18:45 Overcoming Cultural & Workplace Hurdles 31:55 Diversity, Women in Tech & Final Reflection Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    37 min
  8. Empowering Developers, Elevating Security: Neha Malik on Building an AppSec Culture

    JAN 8

    Empowering Developers, Elevating Security: Neha Malik on Building an AppSec Culture

    Episode SummaryIn this episode of Secured, host Cole Cornford chats with Neha Malik, Head of Product Security at REA Group, about building and scaling effective application security (AppSec) programs. They delve into the importance of empathy, communication, and relationship-building between security teams and developers. Neha shares her journey from a Microsoft graduate program, through external consulting at KPMG, and into her current leadership role. They discuss making security easy for engineers, managing security champions programs with realistic expectations, and learning from other disciplines—like psychology and marketing—to better influence and engage stakeholders. Neha and Cole also highlight how tailoring approach and tooling can differ for startups and large enterprises, and emphasise that collaboration, not confrontation, leads to long-term AppSec success. Timestamps00:20 - Neha’s Role at REA Group and Positive AppSec Outcomes 01:30 - Starting a Career in Security at Microsoft’s Grad Program 05:45 - Building an AppSec Program from Scratch at REA 10:00 - Startups: Embedding Security in Tools Over Heavy Process 14:40 - Security Champions Programs: Value, Expectations, and Incentives 20:25 - Learning from Other Disciplines (e.g., Psychology) to Influence Teams Mentioned in this episode: Call for Feedback This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

    36 min
See All (50)

Trailer

About

Secured is the podcast for software security enthusiasts. Host Cole Cornford sits down with Australia's top software security experts to uncover their unconventional career paths and the challenges they faced along the way. Listen in as they share their insights on the diverse approaches to AppSec, company by company, and how each organisation's security needs are distinct and require personalised solutions. Gain insider access to the masterminds behind some of Australia's most successful Software security teams on Secured by Galah Cyber. This podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

Information

More From W2D1 Media

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada